From e18e00a6e5a0b01617c8816b8604ef2457731964 Mon Sep 17 00:00:00 2001
From: Jerko Steiner
Date: Sun, 10 Mar 2019 15:42:58 +0500
Subject: [PATCH] Use UserPermissions in TeamRoutes
---
 .../server/src/application/Application.ts | 1 +
 packages/server/src/team/TeamRoutes.ts | 14 +++++++++++++
 packages/server/src/team/TeamService.ts | 20 -------------------
 packages/server/src/user/IUserPermissions.ts | 2 +-
 4 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/packages/server/src/application/Application.ts b/packages/server/src/application/Application.ts
index 83bb9f6..0d8f483 100644
--- a/packages/server/src/application/Application.ts
+++ b/packages/server/src/application/Application.ts
@@ -105,6 +105,7 @@ export class Application implements IApplication {
 router.use('/api', new team.TeamRoutes(
 this.teamService,
+ this.userPermissions,
 this.createTransactionalRouter(),
 ).handle)
diff --git a/packages/server/src/team/TeamRoutes.ts b/packages/server/src/team/TeamRoutes.ts
index c0b0860..8fe385e 100644
--- a/packages/server/src/team/TeamRoutes.ts
+++ b/packages/server/src/team/TeamRoutes.ts
@@ -2,11 +2,13 @@ import {AsyncRouter} from '../router'
 import {BaseRoute} from '../routes/BaseRoute'
 import {IAPIDef} from '@rondo/common'
 import {ITeamService} from './ITeamService'
+import {IUserPermissions} from '../user/IUserPermissions'
 import {ensureLoggedInApi} from '../middleware'
 export class TeamRoutes extends BaseRoute {
 constructor(
 protected readonly teamService: ITeamService,
+ protected readonly permissions: IUserPermissions,
 protected readonly t: AsyncRouter,
 ) {
 super(t)
@@ -35,6 +37,12 @@ export class TeamRoutes extends BaseRoute {
 t.put('/teams/:id', async req => {
 const id = Number(req.params.id)
+
+ await this.permissions.belongsToTeam({
+ teamId: id,
+ userId: req.user!.id,
+ })
+
 return this.teamService.update({
 id,
 name: req.body.name,
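Review bot: `const id = Number(req.params.id)` in the `t.put('/teams/:id')` handler is handed to `belongsToTeam` and `teamService.update` without checking that it is an integer, so a non-numeric path segment reaches both calls as `NaN`. How a `NaN` team id behaves inside the membership lookup depends on the `IUserPermissions` implementation and the database driver, neither of which is visible here, so it is safer to reject it before the permission call, e.g. `if (!Number.isInteger(id)) throw createError(400, 'Invalid team id')` (this needs `http-errors` imported in TeamRoutes.ts; TeamService.ts used it before this commit). The `t.delete('/teams/:id')` handler in hunk `@@ -44,6 +52,12 @@` has the same gap. The handler body continues past the end of this hunk.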
@@ -44,6 +52,12 @@ export class TeamRoutes extends BaseRoute {
 t.delete('/teams/:id', async req => {
 const id = Number(req.params.id)
+
+ await this.permissions.belongsToTeam({
+ teamId: id,
+ userId: req.user!.id,
+ })
+
 return this.teamService.remove({
 id,
 userId: req.user!.id,
diff --git a/packages/server/src/team/TeamService.ts b/packages/server/src/team/TeamService.ts
index cdcc248..7839642 100644
--- a/packages/server/src/team/TeamService.ts
+++ b/packages/server/src/team/TeamService.ts
@@ -3,24 +3,9 @@ import {ITeamService} from './ITeamService'
 import {IUserTeamParams} from './IUserTeamParams'
 import {Team} from '../entities/Team'
 import {UserTeam} from '../entities/UserTeam'
-import createError from 'http-errors'
 export class TeamService extends BaseService implements ITeamService {
- protected async canModify({id, userId}: {id: number, userId: number}) {
- const count = await this.getRepository(UserTeam)
- .count({
- where: {
- teamId: id,
- userId,
- },
- })
-
- if (count === 0) {
- throw createError(403, 'Forbidden')
- }
- }
-
 // TODO check team limit per user
 async create({name, userId}: {name: string, userId: number}) {
 const team = await this.getRepository(Team).save({
@@ -39,9 +24,6 @@ export class TeamService extends BaseService implements ITeamService {
 }
 async remove({id, userId}: {id: number, userId: number}) {
- // TODO check for role
- this.canModify({id, userId})
-
 await this.getRepository(UserTeam)
 .delete({userId})
@@ -50,8 +32,6 @@ export class TeamService extends BaseService implements ITeamService {
 }
 async update({id, name, userId}: {id: number, name: string, userId: number}) {
- this.canModify({id, userId})
-
 await this.getRepository(Team)
 .update({
 id,
diff --git a/packages/server/src/user/IUserPermissions.ts b/packages/server/src/user/IUserPermissions.ts
index 79937e5..ad8c31d 100644
--- a/packages/server/src/user/IUserPermissions.ts
+++ b/packages/server/src/user/IUserPermissions.ts
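Review bot: In the `t.delete('/teams/:id')` handler of TeamRoutes.ts (hunk `@@ -44,6 +52,12 @@`), `belongsToTeam` only establishes membership, so as written any member of a team can delete it; the same holds for the rename in `t.put`. This commit also drops the `// TODO check for role` reminder from `TeamService.remove`, leaving the TODO in IUserPermissions.ts as the only trace of the missing role check. I would keep a marker at the call site, e.g. `// TODO: membership only; add a role check before destructive operations`. Separately, the context lines of `TeamService.remove` show `.delete({userId})` on the `UserTeam` repository, which filters by user alone; if that is the whole criterion it removes the caller's membership rows for every team rather than the rows of team `id`, and is worth confirming now that the route is the only gate in front of it. The handler body continues past the end of the hunk.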
@@ -1,4 +1,4 @@
 export interface IUserPermissions {
 // TODO check for role too
- belongsToTeam(params: {userId: number, teamId: number}): void
+ belongsToTeam(params: {userId: number, teamId: number}): Promise
 }
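Review bot: `belongsToTeam` has no doc comment saying how a denial is signalled, yet the handlers added in TeamRoutes.ts `await` it and discard the result, so the authorization only holds if every implementation rejects when the user is not a member. An implementation that resolved to `false`, or simply resolved, would turn both route checks into no-ops without any type error. I would state the contract on the interface, e.g. `/** Resolves when userId is a member of teamId and rejects otherwise; callers ignore the resolved value. */`; the removed `canModify` threw `createError(403, 'Forbidden')`, and the implementing class is not visible here, so confirm it does the equivalent. As rendered, the new return type reads `Promise` with no type argument; presumably the file has `Promise<void>` and the angle brackets were lost in extraction.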